Digest #147: S3 Bucket Security, Redis to SQLite Shift, Kubernetes Secrets Management, and PostgreSQL 17 Release
Discord's websocket breakthrough, secrets management tips, and Kubernetes traffic mastery. Plus, SQL query optimization, TCP handshake explained, and exciting new DevOps tools.
Welcome to this week’s edition of the DevOps Bulletin!
Ever wonder how Discord reduced their websocket traffic by 40%? Speaking of surprises, there's a buzz about switching from Redis to SQLite. It's not what you'd expect, but it's got people talking.
Security's always top of mind, right? We're tackling the big question of how to manage secrets in env files, with options ranging from cloud giants like AWS Secrets Manager to git-crypt.
Kubernetes fans, we've got you covered too. Learn how to keep certain pods off specific nodes, and master traffic management with Istio. Plus, we'll introduce you to Winter Soldier, a cool tool that could slash your non-prod environment costs.
For the database gurus, PostgreSQL 17 is out, and it's packed with features that could supercharge your performance. We'll highlight what's new and why it matters.
Lastly, don't miss our rundown of cool DevOps projects. From a Git visualizer that'll make your commits crystal clear, to a JSON tool that'll make you wonder how you ever lived without it.
There's so much more inside, including tips on AWS Lambda layers and the ins and outs of TCP's three-way handshake.
Newsworthy Stories
What tools to manage secrets from env files?
The HN thread highlights various approaches to managing secrets, from cloud-based solutions like AWS Secrets Manager and HashiCorp Vault to open-source tools like SOPS and git-crypt.
Tutorials of the week
Hacking misconfigured AWS S3 buckets: The post outlines 8 key tests for identifying vulnerable buckets, including checking permissions and ACLs, and recommends automated tools for efficient scanning.
Generating IaC from Existing Cloud Resources: Learn practical tips for using tools like Terraformer to import AWS, Azure, or GCP resources into Terraform or OpenTofu.
Automated Password Rotation: How to build an automated password rotation flow using Secret Manager, Cloud Functions, and Pub/Sub.
PromQL Cheat Sheet: Essential queries for monitoring and troubleshooting Kubernetes clusters.
Modern Serverless apps on Azure: Explore key tools like .NET 8, .NET Aspire, Dapr, and Microsoft Radius to improve your workflow from local development to cloud deployment.
Scale down Kubernetes made easy: Winter Soldier, an open-source tool, helps you automatically scale down non-production environments, saving you up to 28% on your annual infrastructure costs.
How to avoid scheduling pods on certain nodes: Discover practical techniques to restrict certain nodes for specific workloads, improving resource allocation and application performance.
Kubernetes Traffic Management: Set of techniques for handling north-south and east-west traffic using Istio, HTTPRoutes, and mTLS in a cloud-native environment.
Attacking UNIX Systems via CUPS: Learn about critical vulnerabilities in CUPS and cups-browsed affecting Unix systems, allowing remote code execution via UDP packets.
True Order of SQL Operations: Master the sequence from FROM to LIMIT to write more effective queries and avoid common pitfalls with GROUP BY and aggregations.
Why TCP needs 3 handshakes: Learn about SYN, ACK, and sequence numbers to grasp how TCP ensures reliable, ordered data transmission between devices.
AWS Lambda layers: Learn how to create and use AWS Lambda layers to share common Python code and dependencies across multiple Lambda functions.
Projects of the week
Highlighting cool DevOps projects to keep an eye on:
Venator is a flexible detection platform that simplifies rule management and deployment with K8s CronJob and Helm.
Git absorb is a tool that automatically identifies and incorporates uncommitted changes into appropriate previous commits in a Git branch.
A curated list of SQL tips and tricks for improving query writing, formatting, and avoiding common pitfalls.
JSON4U is a JSON visualization and processing tool with features like graph and table views, comparisons, validation, and jq support.
FastIndex is an open-source and self-hostable alternative to TagParrot, Omega Indexer, URLMonitor, and similar tools.
httpdbg is a tool for Python developers to easily debug the HTTP(S) client requests in a Python program.
DnsTrace is a tool that identifies DNS queries made by processes on the host.